Jan 30, 2018 11:27 AM Open Mic

New European data privacy rules apply to local businesses

(page 1 of 2)

Many area businesses have European residents among their customers. If you do, you probably have data about those customers on your computer systems. New European Union (EU) regulations about the security and privacy of that data are relevant to you.

These EU regulations are called the General Data Protection Regulation, or GDPR. The rules — and penalties — are designed to establish cohesive data privacy laws across Europe. GDPR applies to all companies that handle personal data for anyone living in the European Union, regardless of the company’s location.

GDPR rules will go into effect in May 2018. After that date, companies that fail to secure European citizens’ data or honor privacy requirements could be subject to fines ranging up to 4% of the company’s worldwide revenue.

Compliance is therefore important, but not just for avoiding penalties. What GDPR rules demand is also good business practice: the same discipline needed to safeguard your customers’ important information helps to safeguard your business’s sensitive details, such as financial data, trade secrets, engineering drawings, business processes, and more.

Basic overview of GDPR: Rules and readiness

Companies must obtain specific consent from their customers, or other parties whose behavior they are monitoring, to gather and store personal data. Hard-to-read terms and conditions full of legalese aren’t acceptable; consent must be given in an easy-to-understand form using clear and plain language. Companies must also make it easy for customers to withdraw consent.

Companies must provide notification about data breaches within 72 hours.

It doesn’t matter where companies are located — nor whether their data is stored on-premises or in the cloud. U.S. companies must identify personal data for Europeans, they must protect it, and they must report on failures to do so.

Most companies are not ready to meet these requirements. Many haven’t yet realized how the rules apply to them. A recent survey by technology research firm Gartner Inc. predicts that by the end of 2018, more than 50% of companies affected by GDPR will not be in full compliance with its requirements, and lack of compliance could lead to hefty fines.

For example, the following infractions could result in a 2% fine of a company’s annual global revenues: failure to have records in order; failure to notify the supervising authority and data subject (the person whose data has been compromised) about a breach; or failure to conduct impact assessments.

GDPR rules apply both to companies that control data — that is, most organizations — and those that process data, such as providers of cloud-based storage and collaboration services.

(Continued)

Jan 31, 2018 09:29 am
 Posted by  Anonymous

This is very useful and important information. One major gap is a good definition of "company". I periodically come across the misconception that "international" in Business means big corporation, big infrastructure. With the internet there are tens and maybe hundreds of thousands of microbusinesses, self-employed or with a handful of employees, who are working/selling internationally. Most of us consciously or not very consciously maintain data on our customers, some of it as simple as an address book with various fields filled in or added. So this raised to me lots of questions as to what level/type of business is liable under the laws and how does this affect things like sending solicitations to potential new clients (much less how on a small budget you safeguard data beyond the basic anti-virus etc. programs many of us can afford or use). Far more businesses are global today and many of us are very small.
